I've always had this nagging feeling about Coinbase’s exchange service and I just couldn't quite put my finger on it.

The
San Francisco startup receives praise for its simple method of
acquiring and selling bitcoins, a digital currency, via one’s U.S. bank
account. In fact, Coinbase, founded in June 2012, is now selling over $1 million worth of bitcoins per month. The firm apparently ran out of inventory last week.

Then,
it hit me. This is just like buying bitcoins from your bank – or from
the Internal Revenue Service. If a bank offered a bitcoin purchasing
option from its website, it would look like Coinbase. If Coinbase cut
them in on the commission, it could probably white-label the service
directly to banks.

Nothing
wrong with that, but it means Coinbase fails to leverage the unique
financial privacy aspects of the Bitcoin network. I do not fault founder
and CEO Brian Armstrong, because he’s launched a much-needed Bitcoin
service at a critical point in the digital money's evolution. Here's the
rub: to address the fraud and compliance issues around the irreversible
sale of a privacy product, Coinbase has simply removed the privacy.

Currently, Coinbase provides its exchange service in the U.S. only and it offers two
methods for linking a bank account, “instant account verification” and
“challenge deposit verification.” For those who are uncomfortable
providing their private online banking usernames and passwords to
Coinbase, the alternate method offers a typical challenge deposit
process similar to linking a bank account to PayPal. (In challenge
verification, a company makes two small deposits to the user’s account,
and the user proves she is the accountholder by entering those amounts
into the company’s site.) Coinbase does not allow for other
less-intrusive payment methods, such as a cash deposit at a bank branch,
via an intermediary like TrustCash, or cash bill payment at a retail location, through a network like ZipZap.

Coinbase
is not licensed as a money transmitter in any state, nor is it
registered as a money services business with the U.S. Treasury’s
Financial Crimes Enforcement Network. I applaud the company for
dispensing with these formalities because, since it is only selling a
cryptographic token and not a financial instrument, such registration
and licensure is not legally required.

The company says
it has an anti-money laundering program, but it was not listed on their
web site, and again, it is not a legal requirement for this business.
Besides, the majority of what constitutes an AML program is already
covered via Coinbase's strong relationship to the user's financial
institution, with one of the exceptions being the identification of
aggregated transactions from multiple bank accounts. But even this would
be easy enough for Coinbase to determine based on the additional user
data collected.

According to its privacy policy,
Coinbase collects data about visitors to the site sent by their
computer or mobile phone (e.g. IP addresses) and device information
including but not limited to identifier, name and type, operating
system, location, mobile network information and standard web log
information. Those who sign up for the service may have to provide their
name, address, phone number, email address, and bank or credit card
numbers. Before using the service, customers may further have to give a
Social Security number or birthdate, and they are subject to credit
checks or identity verification by third parties.

Furthermore,
there is no indication that Coinbase deletes the internal bitcoin wallet
transfer logs or the associated bitcoin address logs. With more
observable data points, the privacy of all bitcoin transactions can
become cumulatively degraded.

By criticizing the collection of
personal information for the purchase of bitcoin, a harmless
cryptography product, I am not simply "letting the perfect being the
enemy of the good." Caution is strongly advised when dealing with
Coinbase. The potential exists for enhanced surveillance and network
traffic analysis enabled by the supreme identity management that comes
built-in with Coinbase. For instance, it would not be advisable to play
Bitcoin casino games or poker with Coinbase-acquired bitcoins that
weren't properly "mixed."

Of course, not everyone requires privacy
in their transactions, so Coinbase may suit some users’ purposes just
fine. However, Satoshi Nakamoto, the pseudonymous creator of Bitcoin,
didn't sit down and code the decentralized protocol
because he was upset about banking efficiency and trusted third
parties. He wrote Bitcoin as a value transfer system that could survive
hostile attacks.

When Armstrong says,
"our goal is to make [B]itcoin easier to use, and (longer term) to help
bring fast, cheap, international payments to the whole world" and
"Bitcoin represents a fundamental leap forward in payment technology and
it’s going to bring massive efficiencies to many areas of commerce,"
he's playing only to the low-fee, frictionless attributes of Bitcoin. He
doesn't mean that Coinbase's goal is to facilitate payments for the anonymous and safe purchase of WordPress features in authoritarian countries or to bypass a politically-motivated blockade against WikiLeaks.

When
it comes to the financial privacy and censorship-resistant payment
attributes of Bitcoin, Coinbase falls short, and that, I think, is
likely to impede the startup’s growth. The firm seems not to care. Its
privacy policy states, "We may share your personal information with law
enforcement, government officials, or other third parties when we are
compelled to do so by a subpoena, court order or similar legal
procedure."

When that time comes, you better believe that Coinbase will have a lot to share.

13 comments:

TIL that sharing my bank details in order to use ACH to buy or sell Bitcoins gives away my identity to the party I am buying or selling bitcoins from, and that they may tell on me in order to remain in the business of buying and selling bitcoins via ACH should LEA or IRS ever come to ask about it.

Boy, I'm glad somebody pointed that out or I might have caught my dick in a ceiling fan again. 8I

Actually, Satoshi wrote bitcoin for exactly the reasons—banking efficiency, and trusted third parties—that you said he did not.

Go read the original bitcoin article: http://bitcoin.org/bitcoin.pdf.

The first paragraph motivates bitcoin as a solution to banking efficiency, by avoiding trusted third parties:

"Commerce on the Internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model. Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions, and there is a broader cost in the loss of ability to make non-reversible payments for nonreversible services. With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, hassling them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable. These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party."

Of course, that is an auxiliary benefit of a distributed trust model. No one is denying that; however, a centralized scheme would be a far more efficient model if the motivation was only about fees and chargebacks. Indeed, Chaum's protocol had low fees and irreversibility features, but it was centralized at a 'verification' mint.

The decentralization theme is where the advance lies with Satoshi's bitcoin protocol, because centralized systems are inherently prone to attack. The major difference between Bitcoin and digital cash protocols from the 1990s is the distribution of the transaction ledger which has the potential to ensure node privacy and user privacy for the purpose of survivability.

I don't remember accusing anyone of over-centralizing bitcoin. That's not what Coinbase does and their merchant-facing business is exemplary. I just think it feels like buying weed from the DEA.

Actually, the Bitcoin Foundation or a similar nonprofit adds transparency and openness to Bitcoin, because without transparent developer compensation the open source 'volunteers' could be nefariously co-opted by governments or large mining pools.

> because without transparent developer> compensation the open source 'volunteers'> could be nefariously co-opted by governments> or large mining pools.

This fails the giggle test. Columbia Universityprofessor Fred Mishkin is paid a huge salary forhis teaching and he was still bribed intocommitting academic fraud by the bankingestablishment; just watch the movie _Inside Job_to see how.

I can understand the sentiment, but that film misses the root cause. So what if he was bribed? So what if banks paid a ton of money for an undisclosed commission? If these entities were no different than any other private entity, what difference would it make?

So you point out to the collusion, the fascist nature of the banking system. Ok, yes.. and where do they get their power from? The state.

You know the problem isn't even with the existence of the Fed itself, it's the monopoly power given to it by.. you guessed it, the state. Take away legal tender laws (and all other restrictions) and the Fed and their client banks becomes powerless. It wouldn't matter how many academics you bribe, for they would have no influence on shaping policy, since there would be no policy to begin with!

All the critics so far have just attacked strawmen and have said nothing against the merits of this article on the privacy risks involves in these types of services.

I appreciate that there are some people pointing out risks that are subtle or not so apparent, something that can get overlooked when considering coinbase and similar service's good utility.

There are also relatively few high level people who are as vocally anti-statist like Jon here. It isn't necessarily the centralization that's the issue; it's how such services make vulnerable your privacy to state force!

The way the government will eventually attack bitcoin is to go after people for not maintaining full records and paying taxes. It is that simple.

The response will be "There is nothing illegal about using bitcoin and no laws are passed, but you John Doe did not keep records and pay your taxes as an honest citizen, thus you are going to jail".

I plan on making a ton of money on bitcoin, and I would like to be able to use that money at some point by bringing some of it back into the system, which eventually everyone has to do at some point. There is no point in dying and being buried with your offline paper wallet.

To do this I have to keep records and pay the IRS in an honest way. There is no way out of that. If later the IRS defines rules on how to account for various transactions that slightly change the tax owed, as long as I made a good faith effort there is nothing the government can do and I can profit off of my BTC investments.

So why would anyone have a problem with coinbase? They actually make this easier by keeping records. Everyone will have to be tax compliant at some point, might as well get on board.

The whole bitcoin project is not about hiding money, but to create an honest system where the evil bankers can't just print themselves money whenever they want.

Follow The Monetary Future

Read the Monetary Future

Search the Monetary Future

About Me

I am an e-Money researcher and a Founding Director of the Bitcoin Foundation. My career has included senior influential posts at Sumitomo Bank, VISA, VeriSign, and Hushmail.

"Free-market protagonists, such as Matonis, regard cybercash as better than traditional government-issued or -regulated money, because it is determined by market forces and thus nonpolitical in nature." --Robert Guttmann, Professor of Economics at Hofstra University, in Cybercash: The Coming Era of Electronic Money, 2002

"Matonis is quite correct that the new technology makes easier the use of multiple private currencies." --Mark Bernkopf, Federal Reserve Bank of New York, in "Electronic Cash and Monetary Policy", 1996

"Matonis argues that what is about to happen in the world of money is nothing less than the birth of a new Knowledge Age industry: the development, issuance, and management of private currencies." --Seth Godin in Presenting Digital Cash, 1995